Facebook failed to foresee how turning user-written interests and employer information from profiles into ad targeting options could turn offensive. Facebook COO Sheryl Sandberg has apologized for the situation, and announced that Facebook will now manually review all ad targeting options. “We never intended or anticipated this functionality being used this way – and that is on us” Sandberg wrote.

Facebook quickly suspended the use of all user-submitted info for ad targeting after ProPublica surfaced how people could target “jew-hater” or “How to burn jews” with Facebook ads last week. Sandberg says Facebook has since vetted and approved the top 5,000 user-generated targeting options like “nurse” and “dentistry.” All new parameters will undergo stricter human review.

Facebook has also clarified its rules against offensive ad targeting, and will step up enforcement with more human moderators. It’s also working on a way for people to be able to report potential abuses of its ad product the way people can with Facebook’s user interface and technical systems.

“We have long had a firm policy against hate on Facebook,” Sandberg writes. “Our community deserves to have us enforce this policy with deep caution and care.”

The scandal, and Sandberg’s admission that Facebook hadn’t “anticipated” the potential abuse of its ad system, shows a naiveté characteristic of many of Facebook’s recent problems. From Russian agents buying political ads during the 2016 U.S. presidential election to how its Messenger location feature could be abused to construct a map of where people had been, to an engagement-prioritized News Feed distributing clickbait fake news, Facebook’s idealistic leadership has proven itself better at facilitating the positive use cases for its product than predicting the worst-case scenarios.

Given Facebook’s size and power in publishing, advertising and communication, it must learn to foresee the dark side of human nature. Perhaps that means hiring more grizzled skeptics, who could almost be used as white hat hackers but for discovering opportunities for abuse rather than hacking vulnerabilities.